WHOIS shows my info despite redaction on at registration time

I recently purchased a new domain and registered it directly through Cloudflare. I had the privacy and redaction feature enabled at the time. Now, I'm getting spam email and many WHOIS sites show my private information.

XXech I recently purchased a new domain and registered it directly through Cloudflare....

Chaika•2/11/25, 7:59 PM

I had the privacy and redaction feature enabled at the time

It's not a feature that you can enable on checkout, Cloudflare just has redaction on by default.
What's the extension? Some like force registrants to show their info

XechOP•2/11/25, 8:00 PM

The TLD is . I've had no such issue with my domain name. GoDaddy is showing redacted for the domain, but ICANN isn't.

XechOP•2/11/25, 8:02 PM

I would imagine this might be something I need to contact ICANN about? https://www.icann.org/complaints-office

Chaika•2/11/25, 8:02 PM

What's the domain if you don't mind sharing (can dm if you want), Cloudflare does only redaction and not whois privacy, and different Registries have different policies, but should just be country/state usually

XXech I would imagine this might be something I need to contact ICANN about? <https://...

Chaika•2/11/25, 8:03 PM

idk what they would do

XechOP•2/11/25, 8:04 PM

Hmm actually ICANN is showing accurately now. It's who.is that isn't.

Chaika•2/11/25, 8:04 PM

Do you have whois privacy enabled under Domain Registration -> Manage Domains -> Manage -> configuration?

XechOP•2/11/25, 8:05 PM

XechOP•2/11/25, 8:05 PM

I wonder if sites scraped it in the brief window before redaction was enabled.

XXech I wonder if sites scraped it in the brief window before redaction was enabled.

Chaika•2/11/25, 8:06 PM

I think it's more that some websites are being nice and are censoring, I see it all via util.
In terms of what you can do, you could try disabing/re-enabling that, and then Registrar Ticket
I was trying to find the policies of on redaction, they all say different things can be redacted, although still shouldn't show everything

XechOP•2/11/25, 8:07 PM

Ok I toggled WHOIS Privacy off and on again. How long would you estimate propagation to take, day or two?

Chaika•2/11/25, 8:09 PM

Not something I've paid too much attention to, with com/net usually it's minutes. Could be longer with but I wouldn't expect more then a few hours or so
I'd make a registrar ticket regardless as it shouldn't have happened / something they should look into, even if that does fix it

Chaika•2/11/25, 8:13 PM

when you make ticket, please give ticket #, can escalate

CChaika when you make ticket, please give ticket #, can escalate

XechOP•2/11/25, 8:14 PM

01385327

XechOP•2/11/25, 8:17 PM

Trying to check status refers me here with a database insert failure parameter:
https://developers.cloudflare.com/support/account-management-billing/cannot-locate-dashboard-account/?ErrorCode=41&ErrorDescription=Execution+error&ErrorDetails=DML%3AInsert+failed.+First+exception+on+row+0%3B+first+error%3A+UNKNOWN_EXCEPTION%2C+portal+account+owner+must+have+a+role%3A+%5B%5D

Chaika•2/11/25, 8:18 PM

when they respond you'll get an email

Chaika•2/11/25, 8:19 PM

you could make a ticket about dashboard access too though (instructions on that page), you have a paid service, just an annoying issue that's been around since they switched help desk services

XechOP•2/11/25, 8:21 PM

Ok. My support ticket about support tickets is 01385341. Thank you for your help!

XXech 01385327

Chaika•2/11/25, 8:26 PM

Thanks, I raised that one, wonder if it's a broader quirk with since they just added them. Cloudflare's rdap tool https://rdap.cloudflareregistrar.com/ui/index.html does show it censored, at least now, but not ai's whois server

XechOP•2/11/25, 8:28 PM

Gotcha. Thank you again for the link to the official one.

XechOP•2/12/25, 4:49 AM

There aren't by chance published SLAs for paid support?

XXech There aren't by chance published SLAs for paid support?

Chaika•2/12/25, 5:44 AM

Only Enterprise gets SLAs or SLOs for tickets

Chaika•2/12/25, 5:47 AM

One of the other community champs (James) did buy an ai domain (ouch) to replicate this, and so far they replied with

Quick update from the team is that this is expected behavior as the .ai TLD does not censor this info, and they'll take steps to make that clear when registering .ai domains similar to what we currently do for .us.

So I guess difference between redaction and full whois privacy. Hoping for some proper communication from the Registrar team to affected users. In the short term, I would consider changing the info on there like your phone/email etc to non-personal or virtual numbers. Your ticket is still escalated though, this is separate from that

CChaika One of the other community champs (James) did buy an ai domain (ouch) to replica...

XechOP•2/12/25, 6:17 AM

Ah ok. I'll likely forego the domain if .ai has the same caveat as .us so thank you for the update! I'll cancel those tickets once I get access to the portal.

XechOP•2/12/25, 6:43 AM

Extra questions on this:

Are registrars like PorkBun, NameCheap, NameSilo, Proxy LLC, etc. in violation considering this domain is privatized by them per the official .ai WHOIS (http://whois.nic.ai/) and using Cloudflare name servers? This seems to contradict James' update and implies the issue may reside with Cloudflare:
I imagine the no refund policy is still in effect for registering this domain for two years despite there being an option to enable WHOIS privacy during registration and seemingly being a feature other registrars can provide?
Is there a definitive source of truth for which TLDs are compatible with WHOIS privacy, or a list of sources per TLD? The policies page seems to be outdated: https://www.cloudflare.com/tld-policies

XechOP•2/12/25, 7:22 AM

I've re-registered the domain with PorkBun and the domain WHOIS is now private per the official .ai WHOIS (http://whois.nic.ai/)

XXech Extra questions on this: - Are registrars like PorkBun, NameCheap, NameSilo, Pro...

Chaika•2/12/25, 2:24 PM

Are registrars like PorkBun, NameCheap, NameSilo, Proxy LLC, etc. in violation considering this domain is privatized by them per the official .ai WHOIS (http://whois.nic.ai/) and using Cloudflare name servers?

It's the difference between Whois Redaction and full whois privacy. Whois privacy is a service which they replace your details with theirs. Redaction (which is what Cloudflare uses) simply doesn't send info. For this is just the difference between only showing Country and State (redaction) vs replacing those too (privacy) but different TLDs have different rules

I imagine the no refund policy is still in effect for registering this domain for two years despite there being an option to enable WHOIS privacy during registration and seemingly being a feature other registrars can provide?

I'd push that with support once they respond to you, they should do something, obviously not right for them to claim that it would be redacted repeatedly during the checkout process and then it's just not...

Is there a definitive source of truth for which TLDs are compatible with WHOIS privacy, or a list of sources per TLD? The policies page seems to be outdated: https://www.cloudflare.com/tld-policies

Not as far as I am aware of

CChaika > Are registrars like PorkBun, NameCheap, NameSilo, Proxy LLC, etc. in violation...

XechOP•2/12/25, 4:19 PM

It's the difference between Whois Redaction and full whois privacy

Is the MVP speaking here from 2018 mistaken in their claim that WHOIS privacy is explicitly offered by Cloudflare?: https://community.cloudflare.com/t/cloudflare-registrar-and-whois-privacy/36225

Redaction (which is what Cloudflare uses) simply doesn't send info.

The TLD WHOIS wouldn't have been able to display my info at all in this case; is redaction done as an after-the-fact request that a WHOIS provider can deny or not support? This may affect whether or not I complete the transfer of other domains to this registrar.

not right for them to claim that it would be redacted repeatedly during the checkout process

True, I'll leave these tickets open after all. Thank you again for helping me understand! I'd rather have my domains with Cloudflare but don't yet have the business revenue to support registered agent nor PO box for physical addressing.

Not as far as I am aware of

Given the recent announcement by ICANN, is there any roadmap for sunsetting WHOIS and implementing RDAP, or for users to enable one or both?: https://www.icann.org/en/announcements/details/icann-update-launching-rdap-sunsetting-whois-27-01-2025-en I do see this little tool: https://rdap.cloudflareregistrar.com/

XXech > It's the difference between Whois Redaction and full whois privacy Is the MVP ...

Chaika•2/12/25, 4:32 PM

Is the MVP speaking here from 2018 mistaken in their claim that WHOIS privacy is explicitly offered by Cloudflare?: https://community.cloudflare.com/t/cloudflare-registrar-and-whois-privacy/36225

It just gets confusing with terminology. As far as I know specifically refers to
"A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service"
https://en.wikipedia.org/wiki/Domain_privacy
Which is not what Cloudflare does, but it is what some registrars offer. Cloudflare simply does redaction

The TLD WHOIS wouldn't have been able to display my info at all in this case; is redaction done as an after-the-fact request that a WHOIS provider can deny or not support?

True, I believed that CF was redacting and sending info to be displayed in whois (as otherwise this gets tricky with gdpr), and just implemented that somewhere on their backend and then other private info another way to the registry, but it seems more complicated then that.
https://webmasters.stackexchange.com/a/63424 cites https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#privacy-proxy which indicates even with whois privacy protection, ICANN and such still get all your info for their purposes, but not too much info out there about redaction

Webmasters Stack Exchange

Can other domain registrars view non-public whois information?

If my domains are hosted at a registrar (lets take Gandi, for example) and it has privacy protection on the whois information, can another ICANN-accredited registrar (GoDaddy, for example) still vi...

2013 Registrar Accreditation Agreement - ICANN

Chaika•2/12/25, 4:34 PM

Given the recent announcement by ICANN, is there any roadmap for sunsetting WHOIS and implementing RDAP, or for users to enable one or both?: https://www.icann.org/en/announcements/details/icann-update-launching-rdap-sunsetting-whois-27-01-2025-en I do see this little tool: https://rdap.cloudflareregistrar.com/

This is more of a thing with the Registries and not really Registrars, you query whois.nic.ai, not Cloudflare's typically, although some tools do both. Cloudflare already supports rdap though as you see. They show the same info regardless, just different format

Chaika•2/12/25, 4:35 PM

I wouldn't expect whois to go away anytime soon, all that says is for gTLDs, RDAP will be the primary. is not a gTLD, it's a ccTLD (country code top level domain), and ccTLDs get a lot more freedom

XechOP•2/12/25, 5:25 PM

Good info. Thanks for all these clarifications. I'll stop spamming this thread now, but this all good information on how complex this is and that I'm on paths forward with Support.

A final point on gTLDs and ccTLDs, it seems there's some flex there as well as to what (maybe only monopoly-sized) orgs can choose to do, too. Google treats some ccTLDs as gTLDs: https://developers.google.com/search/docs/specialty/international/managing-multi-regional-sites#generic-domains

XXech Good info. Thanks for all these clarifications. I'll stop spamming this thread n...

Chaika•2/12/25, 5:49 PM

A final point on gTLDs and ccTLDs, it seems there's some flex there as well as to what (maybe only monopoly-sized) orgs can choose to do,

I mean fundementally to a user, to dns, etc, gTLDs and ccTLDs aren't much different. That's in the search/seo context, which makes sense for them.

Administratively, ICANN has way less oversight into ccTLDs, and they can do what they want in a lot of different ways. , a gTLD, has restrictions on how much they can raise the price, and all gTLDs have a uniform dispute process (UDRP). ccTLDs can use whatever prricing and aren't required to use UDRP, etc. ICANN does not accredit registrars or set registration policies for ccTLDs.

It gets complicated, but the tldr is just ICANN has way less control over them and thus you also have less protections with them. All new gTLDs need to support dnssec, ICANN can tell them to support rdap, etc, not stuff that applies to ccTLDs

CChaika > A final point on gTLDs and ccTLDs, it seems there's some flex there as well as...

XechOP•3/5/25, 2:18 AM

Hi Chaika,

Would you be able to escalate 01385341? It's bean nearly 30 days and I still can't see support tickets.

XXech Hi Chaika, Would you be able to escalate 01385341? It's bean nearly 30 days and...

Chaika•3/5/25, 2:49 AM

Yea it's broken for anyone without a full support entitlement is my understanding, at least without them manually fixing it. If you don't have any paid services (Registrar or Workers Paid included) then you wouldn't have access at all. Not sure if they've fixed any others, would have to see

XechOP•3/5/25, 2:58 AM

I've registrar services for one domain, thank you!